By: David A. Hoffman, Associate General Counsel and Global Privacy Officer
Intel is experimenting with a new approach to participatory democracy. We have created a website on which we have posted our recommended draft for a comprehensive U.S. privacy law. The website has a portion where privacy law experts are providing feedback on the draft, and for the public to provide comments. We are going to keep the discussion going for two weeks and then will revise our draft. We encourage everyone to visit the website and participate. Here is some background on the effort and a description of our draft.
Why Pass a US Federal Privacy Law?
Effective privacy regulation is critical to allow technologies like artificial intelligence to help solve the world’s greatest challenges. The combination of advances in computing power, memory and analytics create the possibility that technology can make tremendous strides in precision medicine, disease detection, driving assistance, increased productivity, workplace safety, education and more. At Intel we are developing many of these technologies and are focused on integrating artificial intelligence capability across the global digital infrastructure. At the same time, we recognize the need for a legal structure to prevent harmful uses of the technology and to preserve personal privacy so that all individuals embrace new, data-driven technologies. At Intel we know that privacy is a fundamental human right and robust privacy protection is critical to allow individuals to trust technology and participate in society.
What the US needs is a privacy law that parallels the country’s ethos of freedom, innovation and entrepreneurship. That law needs to protect individuals and enable for the ethical use of data. As noted above, the use of data by new technologies such as artificial intelligence will help us solve some of the most vexing global problems while spurring economic growth. That ethical use of data will be critical as we use the data to train artificial intelligence algorithms to detect bias and enhance cyber security. In short, it takes data to protect data. The US needs a law that promotes ethical data stewardship, not one that just attempts to minimize harm. A non-harmonized patchwork of state legislation will cause companies to default to restrictive requirements and the result will decrease the likelihood of realizing technology’s great potential to improve lives.
How is the proposal structured?
The law uses the Fair Information Practice Principles (FIPPs) from the Organization for Economic Cooperation and Development’s (OECD) Guidelines Governing the Protection of Privacy and Transborder Flows of Personal Data. The OECD FIPPs are “the Global Common Language of Privacy” and many of the privacy laws around the world are based on them. For the past few years, Intel has worked on a “Rethinking Privacy” initiative to take the OECD FIPPs and show how they can be implemented in law differently to promote the innovative and ethical use of data.
How will the law be enforced?
Robust, harmonized and predictable enforcement is necessary. The US Federal Trade Commission has decades of experience protecting privacy. What the Commission needs are: 1. More resources, 2. Authority to oversee all industry sectors, 3. A clear mandate to develop guidance and regulations to communicate to organizations how they should implement the FIPPs, and 4. The ability to enforce meaningful but fair sanctions. Our proposal provides all four of those elements, while also preserving a role for State Attorneys General to apply sanctions in situations where the Commission declines to start an enforcement action. The law uses those sanctions as a way to further encourage organizations to demonstrate their accountability, by allowing those entities that adopt robust privacy programs to have a safe harbor from civil penalties.